SUSE Security Announcement - SUSE-SA:2005:061 - The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications).
235db4139a20a9a2c6eba65537656ab608d77d43e00c490914cf6903a3ab1f3c
PHPNuke suffers from a remote directory traversal vulnerability in modules.php. POC included.
2275b04edb6dbdcf69add72469f11b5e76743784652889fdebd1388403a68e94
David Litchfield of NGSSoftware has discovered multiple critical and high risk vulnerabilities in the Oracle Database Server. These vulnerabilities can be exploited by an attacker to gain complete control of the database server.
d4d0dba30ab8f34467c176fa4cc1faf701f92737ee36f1c97f217bd8229f1eb2
The Linksys WRT54G suffers from a directory traversal vulnerability.
fba0ee4829cccc850ed5be431dfea1f84f9563066e7a295725ba9d940365b4fb
Technical Cyber Security Alert TA05-291A - The Snort Back Orifice preprocessor contains a buffer overflow that could allow a remote attacker to execute arbitrary code on a vulnerable system.
46101f7a12d82b7bebddf86da85d2c6af32be672f2eedc385d9e2083099baf60
Secunia Research has discovered some vulnerabilities in ZipGenius, which can be exploited by malicious people to compromise a user's system.
a06892cdcbe59aadbc48aa8c3d57e8c8c48c363ab4ec3944cd3e4f1b59bd74f9
Secunia Research has discovered some vulnerabilities in MySource, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
b20aff27f2ff5fe5e74059ae65e4aa37d5e08883f20daf849c01042b8b016dc5
Google Talk stores proxy login credentials as cleartext in the Windows Registry.
3b3ae75d3315891b6d6432914b38f8c98f55e1c846e09288efbdfb69ff944a55
An XSS vulnerability exists in NetFlow Analyzer 4. POC code included.
99cbf172705d0c9a7a9077e35929c5197c470f860dc65d4244f6c6e370e3d0f3
Because 30Gigs.com does not remove old or used invitation IDs, a user is able to register multiple accounts on the same invite.
5983947052f9ad7edb9aff26cc714aeaf704c89b6edd437b4356b515de194547
A safedir restriction bypass has been identified within the GD PHP extension.
04877c12726507f2e9d95fec9a729d814580a93f4a4c8c1aae7edd854d6e6ebe
SUSE Security Announcement - The SUSE Security Team performed a security review of important parts of the OpenWBEM system. During the audit, several integer wrap arounds and buffer overflows have been discovered and fixed. If exploited, they allow remote attackers to execute arbitrary code with root privileges.
380f9bacecae2735c361e39832a96eac8cdcd39b603ebabc4c1ccc8b890d404c
Yahoo suffers from an XSS vulnerability in the RSS Aggregator which allows a person to add an RSS feed to its website.
64feaea2e90d5f5314abf6e67be0a7b7e1ffdb00b2932ee8a007e0e1cb678efc
The default config of flexbackup versions less than 1.2.1 creates temporary files insecurely.
db9a3e94a99a77a49aef8291d574a5c191592b9df790c55ef8805f58e2a363a3
Description: According to a vendor security advisory [0], a potential SSL 2.0 protocol rollback attack vulnerability exists in the cryptography toolkit OpenSSL [1]. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option "SSL_OP_MSIE_SSLV2_RSA_PADDING".
6edce3ab94f7e58d90ce25544e49e4304303e71525e50accdc48e69c96091c43
Secunia Security Advisory - trueend5 has discovered a vulnerability in Chipmunk Topsites, which can be exploited by malicious people to conduct cross-site scripting attacks.
9261ad2534485ce778ab3f8571d90eb24037a3e09fd15cff632349d9131a31a0
Secunia Security Advisory - Debian has issued an update for eric. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
367b5cfd8585631d955b76140a40dea8a004642d46b830b9fb315574f502dda7
Secunia Security Advisory - Mandriva has issued an update for nss_ldap/pam_ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
ab878bf95faabec4720601c9965d51640eeb62e858689103960c31410534d81f
Secunia Security Advisory - A vulnerability has been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
6927c22a685631ea47f4d51aad8ad72d75642bb8746d8f98fb71414e1edb55fd
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, a security issue, and a weakness, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions, or by malicious people to disclose certain sensitive information.
b4326ea7d034b27081fc160748c495ffbb2e434b371fd1269041e0424bfd9375
Secunia Security Advisory - Mandriva has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
4cc88e2c6a758c6297bb4e63023d4ead9d5a28ce6d94173fada40e503449655a
Secunia Security Advisory - Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
7cea0eda1d78c033211a5647a9fc56be19fdadfc3c64735ff4e939d9770d2bdb
Secunia Security Advisory - Trustix has issued updates for multiple packages. These fix some vulnerabilities, where the most critical ones can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
d117271e93a44a42a477bbd2f257d03a07fe5daef87bba225d0f7d3288df71d9
Secunia Security Advisory - Two vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1603d58140eb5bb41a03312f11e1219c061a0cfd16cffef6cd9177cc717f614c
Secunia Security Advisory - SUSE has issued an update for permissions. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
699f76ef59bf50f7fb3c86a5e66dfc9eb8578d1a7c50c674244d1d8a9816db95